How to Securely Migrate Your Umbraco Website to WordPress

Your Umbraco database holds every registered member account, every Umbraco Forms submission, every media node record, and if you run Umbraco Commerce, every customer order your site has processed. Whoever migrates it has access to all of it.

What Is Actually Inside an Umbraco Database

Umbraco uses SQL Server with a node-based schema where all content, media, and member data lives in a unified node tree. The umbracoMember table holds every registered front-end user: email address, username, login name, and hashed password. The umbracoMemberPropertyData table holds all profile field values for those members, which may include phone numbers, addresses, organization affiliations, or any other custom profile fields the site owner configured. The UFRecordData and UFRecordField tables from Umbraco Forms hold every form submission including all submitted field values. For government and public sector sites built on Umbraco, a common use case in the UK and Scandinavia, these form submissions may contain legally protected personal data. The umbracoMedia node tree holds metadata for every file uploaded to the site. If Umbraco Commerce is active, the commerce-specific tables hold customer addresses, payment method references, and complete order histories.

All of this is in the SQL Server database that any migration provider will back up and work from. The governance question is who holds that backup, under what security controls, and with what deletion commitment.

What Has Gone Wrong in Real Data Migrations

A contractor turned off the firewall for ten minutes while migrating data to ElasticSearch. This exposed the database to attackers who breached over 5 billion data records.

Keepnet Labs breach, documented by Caylent security research

Ten minutes. One shortcut. For an Umbraco site serving a public sector organization or a membership association with thousands of registered members, the exposure window during an insecure migration runs from when the database backup leaves your server to when it is formally deleted from the provider’s system. For most freelancers, that moment is never defined.

Customer data intercepted during a cloud migration and personally identifiable information exposed due to misconfigured permissions are not hypothetical scenarios. They result in regulatory fines, lawsuits, and destroyed customer trust.

Monte Carlo Data, September 2025

Umbraco migrations expose a credential surface that covers your Umbraco backoffice admin credentials (access to all content, members, and forms data), your SQL Server connection string (access to the full database schema), and your file server access (the physical media files). A provider holding all three has complete access to your entire environment and everything it contains.

The Developer and Agency Problem

Umbraco migrations require knowledge of the node-based content schema, the umbracoPropertyData structure, the Razor template architecture, the Umbraco Forms data tables, and how to map all of this to WordPress. That knowledge is uncommon. The pool of Umbraco developers who have actually done a full database-level migration to WordPress is small, and finding one with a formal data protection process is very rare.

• No Data Processing Agreement. GDPR requires a signed DPA before any third party processes personal data. UK GDPR and the Data Protection Act 2018 apply to UK-based organizations. An Umbraco database almost certainly contains personal data of EU or UK residents. Without a DPA, your organization is in violation before the migration begins.
• No credential security policy. Your Umbraco backoffice credentials, SQL Server connection string, and file server access are typically shared by email and retained indefinitely on the provider’s machine. No encrypted vault, no deletion timeline, no audit trail.
• No data retention policy. The SQL Server backup downloaded for the migration stays on the provider’s machine or cloud storage after the job is complete. There is no deletion date and no notification to you when it eventually disappears.
• No breach notification obligation. If the provider’s system is compromised while holding your data, they have no contractual obligation to notify you, the affected members, or the ICO (for UK organizations).
• No professional liability. If the migration loses form submissions, corrupts property data, or triggers a GDPR investigation, a freelancer has no insurance and no legal accountability. Your organization absorbs the cost.
• Umbraco-specific technical failures. Most providers who advertise Umbraco migrations underestimate the umbracoPropertyData schema, the Umbraco Forms data tables, and the media node tree structure. The result is a migration that looks complete on the surface but is missing significant structured content and form history.

How gConverter Does It

gConverter is a registered US company with full EU and UK GDPR compliance for all European and international clients. We act as a Data Processor under GDPR Article 4(8) and UK GDPR with a documented six-step security process applied to every migration including Umbraco.

Step 1: DPA before credentials

Before you share any credentials, you receive a Data Processing Agreement for review and signature. For GC-ExtraSecurity clients, a Non-Disclosure Agreement is also executed. No data access is granted until both documents are countersigned. The DPA specifies what we process, the lawful basis, retention limits, and our liability in the event of a breach.

Step 2: Encrypted credential vault

Your Umbraco admin credentials, SQL Server connection string, and file server access are transmitted via an encrypted channel, never by email. Stored immediately in an AES-256 encrypted vault accessible only to the single assigned engineer. Deleted within 24 hours of job completion with written confirmation sent to you.

Step 3: Isolated staging environment

Your database is exported and transferred over TLS 1.3. For GC-ExtraSecurity clients, processing happens on a dedicated Hetzner EU server in Frankfurt, keeping all data inside the EEA throughout. For standard clients, processing is on the assigned engineer’s encrypted machine (Apple FileVault AES-256). Your data is never on shared hosting and never alongside other clients’ data.

Steps 4 to 6: Logged migration, verified delivery, 30-day deletion

Every database query and file operation is logged. The migration is completed on staging and presented for your review before go-live. After approval and launch, credentials are revoked immediately. All customer data is permanently deleted within 30 days using secure overwrite. Breach notification within 72 hours if required by GDPR Article 33 or the UK equivalent.

Read the complete GDPR and Data Protection documentation →

Questions to Ask Any Umbraco Migration Provider

1. Will you sign a Data Processing Agreement before accessing any data? No DPA means no GDPR or UK GDPR compliance and direct legal exposure for your organization.
2. How do you handle Umbraco-specific data: umbracoPropertyData fields, UFRecordData form submissions, umbracoMemberPropertyData, media node tree? If they cannot answer specifically, they have not done it before.
3. How are credentials transmitted and stored? Acceptable: encrypted channel and AES-256 vault. Not acceptable: email, Slack, or any plain-text channel.
4. Where is my SQL Server data processed during migration? Specific server location, encryption method, and access policy.
5. When and how is my data deleted after completion? A timeline and a deletion method, not a verbal assurance.
6. Do you carry professional liability insurance? Without it, no financial recourse if a breach or data loss occurs.
7. What is your breach notification procedure? UK organizations have a 72-hour reporting obligation to the ICO. Without a documented procedure, a provider has no obligation to tell you if your data is compromised.

Technical Quality Matters Too

Security is the foundation. But a secure migration that drops property data, loses form submissions, or breaks the content tree URL structure is still a failed migration. A complete Umbraco to WordPress migration by gConverter covers all content nodes by Document Type with all property values from umbracoPropertyData, the node tree URL structure preserved or redirected, Razor templates rebuilt as a custom WordPress theme, Umbraco Forms submission data archived, members imported with profile data, Umbraco Commerce orders exported, media files imported to the WordPress Media Library, and SEO metadata transferred to Yoast SEO.

For the full technical picture: Why Organizations Are Switching From Umbraco to WordPress →

To discuss your specific site: Umbraco to WordPress migration at gConverter →

What Our Clients Say

Went FAR above and beyond to help us work through this project. We are thrilled with the final result and they were professional, great to work with, and responsive every step of the way. Would highly recommend.

Anna P., Wilmington NC – Customer Lobby, January 2026

Extremely professional and efficient, we had very good contact, the work was done in due time.

Timoti F., Berlin DC – Customer Lobby, February 2024

The Bottom Line

An Umbraco database built over years of operation contains content with all its structured property data, registered member accounts with profile fields, form submission records, and media file metadata. For UK and Scandinavian public sector organizations and membership associations, this data carries significant legal obligations. Most migration providers do not have the data governance to handle it correctly.

gConverter is US-registered with full EU and UK GDPR compliance, signed legal agreements before access, AES-256 encryption at rest, TLS 1.3 in transit, EU server options, and 30-day data deletion with written confirmation. Before the job starts, you have a signed DPA. While it runs, your data is encrypted, isolated, and logged. When it ends, your data and credentials are gone from our systems.